Evida

Privacy Policy

Last updated: January 2, 2025

Evida Health ("us", "we", or "our") operates the Evida healthcare compliance platform (hereinafter referred to as the "Service").

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service. We are committed to protecting your privacy and maintaining HIPAA compliance in all our operations.

By using the Service, you agree to the collection and use of information in accordance with this policy.

HIPAA Compliance

As a healthcare technology platform, Evida Health is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI) in accordance with HIPAA regulations.

Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, phone number, and organization details
  • Healthcare Data: Clinical data, compliance metrics, policy documents, and accreditation records accessed through your EHR system
  • Usage Data: Information about how you use our Service, including access times, pages viewed, and features used
  • Technical Data: IP address, browser type, device information, and cookies

How We Use Your Information

We use the collected data to:

  • Provide and maintain our compliance platform
  • Process and analyze healthcare data for accreditation purposes
  • Generate compliance reports and analytics
  • Provide customer support and respond to inquiries
  • Improve and optimize our Service
  • Detect and prevent security threats
  • Comply with legal and regulatory obligations

Important: We do not use healthcare data to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models. Healthcare data is used strictly for compliance and accreditation purposes as outlined in your service agreement.

Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted at rest and in transit using industry-standard protocols
  • Access Controls: Role-based access control (RBAC) ensures only authorized personnel can access sensitive data
  • Audit Trails: Comprehensive logging of all data access and system activities
  • Regular Security Assessments: Ongoing security audits and vulnerability testing
  • Employee Training: All staff undergo regular HIPAA and security training

Data Retention

We retain your data only for as long as necessary to provide our Service and comply with legal obligations. Healthcare data is retained in accordance with HIPAA requirements and applicable state laws, typically for a minimum of six years.

Your Rights

You have the right to:

  • Access your personal and healthcare data
  • Request corrections to inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Opt-out of marketing communications
  • Receive a copy of your data in a portable format
  • File a complaint with relevant regulatory authorities

To exercise these rights, please contact us at the information provided below.

Third-Party Service Providers

We work with select third-party service providers who assist in delivering our Service. All third-party providers who handle healthcare data sign Business Associate Agreements (BAAs) as required by HIPAA. These providers have access to data only to perform specific tasks and are obligated to maintain confidentiality and security.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email and/or a prominent notice within our Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For HIPAA-related inquiries or to report a potential privacy breach, please contact our Privacy Officer at privacy@evidahealth.ai